Kaibro

Name of the Vulnerable Software and Affected Versions: SmartRobot from INTUMIT (affected versions not specified) Description: The issue is related to the improper validation of a specific page parameter, allowing unauthenticated remote attackers to inject JavaScript code for Reflected Cross-site Scripting attacks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Video Station versions prior to 5.8.1 **Description** A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. **Recommendations** For versions prior to 5.8.1, update to version 5.8.1 (2024/02/26) or later to patch this flaw. As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Video Station versions prior to 5.7.0 **Description** A SQL injection issue has been reported, potentially allowing authenticated users to inject malicious code via a network. **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Video Station versions prior to 5.7.0 **Description** A cross-site scripting (XSS) issue has been reported, potentially allowing authenticated users to inject malicious code via a network. **Recommendations** For versions prior to 5.7.0, update to version 5.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QuLog Center versions prior to 1.3.1.645 QuLog Center versions prior to 1.4.1.691 QuLog Center versions prior to 1.5.0.738 **Description** A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. **Recommendations** For QuLog Center versions prior to 1.3.1.645, update to version 1.3.1.645 or later. For QuLog Center versions prior to 1.4.1.691, update to version 1.4.1.691 or later. For QuLog Center versions prior to 1.5.0.738, update to version 1.5.0.738 or later.

**Name of the Vulnerable Software and Affected Versions** QuLog Center versions prior to 1.3.1.645 QuLog Center versions prior to 1.4.1.691 QuLog Center versions prior to 1.5.0.738 **Description** A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. **Recommendations** For QuLog Center versions prior to 1.3.1.645, update to QuLog Center 1.3.1.645 or later. For QuLog Center versions prior to 1.4.1.691, update to QuLog Center 1.4.1.691 or later. For QuLog Center versions prior to 1.5.0.738, update to QuLog Center 1.5.0.738 or later.

**Name of the Vulnerable Software and Affected Versions** QuFirewall versions prior to 2.3.3 **Description** A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. **Recommendations** For QuFirewall versions prior to 2.3.3, update to version 2.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the QuFirewall module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OMICARD EDM (affected versions not specified) **Description** The issue concerns the file uploading function in OMICARD EDM, which does not properly restrict the upload of files with dangerous types. This allows an unauthenticated remote attacker to upload and execute arbitrary files, potentially leading to the execution of system commands or disruption of service. The vulnerability can be exploited by a remote attacker to perform arbitrary actions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 (affected versions not specified) **Description** The file uploading function in the affected devices does not properly restrict the upload of files with dangerous types. This allows an unauthenticated remote attacker to upload and run arbitrary executable files, potentially enabling them to perform arbitrary system commands or disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agentflow BPM (affected versions not specified) **Description** The file upload function has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this to upload arbitrary files and execute arbitrary code, potentially manipulating the system or disrupting the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agentflow BPM enterprise management system (affected versions not specified) **Description** The issue is related to improper authentication in the Agentflow BPM enterprise management system. A remote attacker with general user privilege can exploit this by changing the name of the user account to acquire arbitrary account privilege. This allows the attacker to access, manipulate the system, or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Agentflow BPM (affected versions not specified) **Description** The Agentflow BPM file download function has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.